This invention relates generally to encryption and decryption of information, such as multimedia information, accomplished via a key, and more particularly to additional encryption and decryption of the key using a client-unique additional key for fraud prevention.
The Internet has become a popular manner by which to purchase multimedia information such as music, a phenomenon that seemingly will only increase over time as more consumers have the ability to connect to the Internet, and as their connections are at greater bandwidths to permit other multimedia information, such as video, to also be easily purchased. While actors, artists and companies responsible for producing and distributing such multimedia information generally applaud new manners of distribution, they are nevertheless somewhat concerned about the Internet and other manners by which digital versions of their content can be distributed. This is because a copy of a digital version of content can easily be duplicated illegally by consumers, potentially decreasing the revenue taken in by the rightful owners of the content.
One solution that has been suggested and used within the prior art is the encryption of multimedia information via known encryption schemes. Usually, and especially in the context of multimedia information purchased by end consumers, the information is encrypted with a key. Knowledge of the key, therefore, is required to decrypt the information; without the key, the encrypted information is unintelligible. Thus, even if many digital copies of a particular song or movie were distributed over the Internet to end users all over the world, unless a given end user knows the key to unlock the encrypted copy, the song or movie is useless.
A barrier to the overall effectiveness of this approach is, however, that little deters a consumer who has purchased encrypted multimedia information from sharing the key provided to him or her with others, or even from posting the key on the Internet along with the encrypted information. While content owners can assign each purchaser of content a unique key, such that illegal distribution of the key can be traced back to the original purchaser, this puts the onus of enforcement on the owners themselves, which will likely be time-consuming and expensive. Furthermore, the owners are put in the uncomfortable position of bringing action against their own customers, which may lead to public relations and other problems where it turns out that the key assigned to a particular consumer was distributed on a large scale through no fault of the consumerxe2x80x94for example, where the key was stolen from the consumer.
A solution to this and other problems is described in the copending, cofiled, and coassigned application Ser. No. 09/425,862 entitled xe2x80x9cEncryption Using a User-Known and Personally Valuable Key to Deter Key Sharing,xe2x80x9d. In this application, the key used for encryption of the information is known to the user and personally valuable to him or her, such as a social security number, driver""s license number, credit card number, etc. A user is thus motivated not to share the key with others, since the key itself has personal value to him or her.
However, this solution does not prevent the user from using or copying the information, such as text or multimedia information, on multiple computers or devices owned or accessible by him or her. For example, a user may have a desktop computer, a portable electronic device, and a laptop computer, all of which the user can copy the information to, for use on any such device. However, this may be against the licensing terms to which the user agreed when first purchasing or otherwise obtaining the information. The seller or provider of the information has little recourse in this situation within the prior art.
For these and other reasons, then, there is a need for the present invention.
The invention provides for encryption of a key using another key that is unique and particular to a given client, such as a desktop computer, a laptop computer, a portable electronic device, etc., for fraud prevention and other purposes. In one embodiment, a computer-implemented method determines a first key that is unique and particular to the client, without user intervention. In varying embodiments of the invention, this key can be one or more of: a processor identifier, a network card address, and a user name in a registry file. The key may also be one or more of: serial numbers and/or the number of cylinders of attached hard disk drives, checksums of the read-only memory (ROM) or other system components, the Internet Protocol (IP) address of the computer or system, and a combination of installed cards, such as sound, video, SCSI, and other cards, as the key. At least a second key that actually provides access to information, such as multimedia information, is then encrypted with this first key. (Other information may also be encrypted with the first key.) The second key as encrypted with the first key may be stored on a storage, such as a non-volatile memory or a hard disk drive.
Embodiments of the invention provides for advantages not found within the prior art. When decryption of the information is desired, in one embodiment, the second key first must be decrypted using the first key. The first key is thus redetermined and used to decrypt the second key. Because the first key is specific to the underlying computer or device, if the encrypted second key is moved to another computer or device, it will not be decrypted successfully. Thus, users are restrained from copying the information to other clients other than that on which they first stored the information, without, for example, reregistering the information with the seller or other provider.
Other embodiments of the invention enhance fraud prevention and security in still other ways. For example, the recording inputs may be varied when multimedia information is played back, so that any illicit recording will result in an undesirable copy of the information. As a further example, various checksums can be determined to ensure that the user has not made illicit changes to the playback software or other playback mechanism, as well as various system checks to detect known piracy programs that may be running on the system. In addition, a server can be contacted, for example, over the Internet, to update the player software or other playback mechanism, as well as the system checks that are to be performed.